Using Ansible to configure Podman containers

Photo by Marta Markes on Unsplash

In complex IT infrastructure, there are many repetitive tasks. Running those tasks successfully is not easy, and human error always presents a chance of failure. With the help of Ansible, you can run all of those tasks on remote hosts from playbooks, and those playbooks can be reused as many times as you need. In this article you will learn how to install and configure Ansible on Fedora Linux, and how to use it to manage and configure Podman containers.

Ansible

Ansible is an open source infrastructure automation tool sponsored by Red Hat. It can deal with all the problems that come with large infrastructure, like installing and updating packages, taking backups, ensuring specific services are always running, and much more. You do this with a playbook, which is written in YAML. Ansible playbooks can be used again and again, making the system administrator's job less complex. Playbooks also eliminate repetitive tasks and can be easily modified. But there are many automation tools like Ansible, so why use it? Unlike some other configuration management tools, Ansible is agentless: you don't have to install anything on managed nodes. For more information about Ansible, see the Ansible tag in Fedora Magazine.

Podman

Podman is an open source container engine which is used for developing, managing and running container images. But what is a container? Every time you create any new application and deploy it either on physical servers, cloud servers or virtual machines, the most common problems which you face are portability and compatibility. This is where containers come into the picture. Containers virtualize at the OS level so they only contain required libraries and app services. The benefits of containers include:

  • portability
  • isolation
  • scaling
  • light weight
  • fast boot up
  • smaller disk and memory requirements

In a nutshell: when you build a container image for any application, all of the required dependencies are packed into the container. You can now run that container on any host OS without any portability and compatibility issues.

The key highlight of Podman is that it is daemon-less, and so does not require root privileges to run containers. You can build the container images with the help of a Dockerfile or pull images from Docker Hub, fedoraproject.org or Quay. For more information about Podman, see the Podman tag in Fedora Magazine.

Why configure Podman with Ansible?

Ansible provides a way to easily run repetitive tasks many times. It also has tons of modules for cloud providers like AWS, GCP, and Azure, for container management tools like Docker and Podman, and also for database management. Ansible also has a community (Ansible Galaxy) where you can find tons of Ansible roles created by contributors from all over the world. All of this makes Ansible a great tool for DevOps engineers and system administrators.

With DevOps, the development of applications is fast-paced. Developing applications which can run on any operating system is essential. This is where Podman comes into the picture.

Installing ansible

First, install Ansible:

$ sudo dnf install ansible -y

Configuring ansible

Ansible needs SSH to work on managed nodes, so first generate a key pair.

$ ssh-keygen

Once the key is generated, copy the key to the managed node.

Enter yes and enter the password of the managed node. Now your managed host can be accessed remotely.

For Ansible to access managed nodes, you need to store all hostnames or IP addresses in an inventory file. By default, this is in /etc/ansible/hosts.

This is what the inventory file looks like. Here square brackets are used to assign groups to some specific nodes.

[group1]
green.example.com
blue.example.com
[group2]
192.168.100.11
192.168.100.10

Check that all managed nodes can be reached.

$ ansible all -m ping

You should see output like this:

[mahesh@fedora new] $ ansible all -m ping
fedora.example.com | SUCCESS => {
    "ansible_facts": {
       "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[mahesh@fedora new] $

Now create your first playbook which will install Podman on managed nodes. First create a file with any name with .yml extension.

$ vim name_of_playbook.yml

The playbook should look something like the one below. The first field is the name for the playbook. The hosts field gives the hostname or group name from the inventory. become: yes escalates privileges, and tasks contains all the tasks that are going to execute. Within a task, name specifies the task name and yum is the module that installs packages; below that, the name field specifies the package and state says whether to install or remove it.

---
- name: First playbook
  hosts: fedora.example.com
  become: yes
  tasks:
    - name: Installing podman.
      yum:
        name: podman
        state: present

Check for any syntax errors in the file.

$ ansible-playbook filename --syntax-check

Now run the playbook.

$ ansible-playbook filename

You should get output like this:

[mahesh@fedora new] $ ansible-playbook podman_installation.yml
PLAY [First playbook] *************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
ok: [fedora.example.com]

TASK [Installing podman] ************************************************************************************************
changed: [fedora.example.com]

PLAY RECAP *************************************************************************************************
fedora.example.com    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
[mahesh@fedora new] $

Now create a new playbook which pulls an image from Docker Hub. You'll use the podman_image module to pull the httpd image of version 2-alpine from Docker Hub.

---
- name: Playbook for podman.
  hosts: fedora.example.com
  tasks:
    - name: Pull httpd:2-alpine image from dockerhub.
      podman_image:
        name: docker.io/httpd
        tag: 2-alpine

Now check the pulled image.

[mahesh@fedora new] $ podman images
REPOSITORY                           TAG                  IMAGE ID           CREATED             SIZE
docker.io/library/httpd       2-alpine         fa848876521a    11 days ago        57 MB

[mahesh@fedora new] $

Create a new playbook to run the httpd image. See the podman_container module documentation for more information.

---
- name: Playbook for podman.
  hosts: fedora.example.com
  tasks:
    - name: Running httpd image.
      containers.podman.podman_container:
        name: my-first-container
        image: docker.io/httpd:2-alpine
        state: started

Check that the container is running.

[mahesh@fedora new] $ podman ps
CONTAINER ID        IMAGE    COMMAND   CREATED      STATUS         PORTS         NAMES
45d966e0e207     docker.io/library/httpd:2-alpine    httpd-foreground    13 seconds ago    Up 13 seconds ago       my-first-container

[mahesh@fedora new] $

Now to stop the running container, change the state value from started to absent.

- name: Stopping httpd container.
  containers.podman.podman_container:
    name: my-first-container
    image: docker.io/httpd:2-alpine
    state: absent

When you run the podman ps command, you won't see any containers running.

[mahesh@fedora new] $ podman ps
CONTAINER ID    IMAGE    COMMAND    CREATED    STATUS    PORTS    NAMES

[mahesh@fedora new] $

There are many more things you can do with podman_container, such as recreating containers, restarting containers, and checking whether a container is running. See the documentation for information on performing these actions.
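
The install, pull and run playbooks above combined into one play, as an added example that is not part of the original article. Only the package installation escalates with become, so the image and container belong to the unprivileged SSH user, and the play fails if the container is not running at the end. It assumes the containers.podman collection is installed on the control node; the podman_container_info and assert tasks and the httpd_info variable are additions.

```yaml
---
# Added example (not from the article): install, pull, run and verify in one play.
# The host, image and container names are the ones the article uses.
- name: Install Podman and run httpd as a rootless container
  hosts: fedora.example.com
  tasks:
    # The only task that needs root. Task-level become keeps every
    # later task running as the ordinary SSH user.
    - name: Install podman
      become: true
      ansible.builtin.dnf:
        name: podman
        state: present

    - name: Pull httpd:2-alpine from Docker Hub
      containers.podman.podman_image:
        name: docker.io/httpd
        tag: 2-alpine

    # No become here: the container is created rootless, in the
    # SSH user's own container storage.
    - name: Run the httpd container
      containers.podman.podman_container:
        name: my-first-container
        image: docker.io/httpd:2-alpine
        state: started

    # Read the state back instead of trusting "changed" in the recap.
    - name: Inspect the container
      containers.podman.podman_container_info:
        name: my-first-container
      register: httpd_info   # variable name is an assumption

    - name: Fail the play unless the container is running
      ansible.builtin.assert:
        that:
          - httpd_info.containers | length == 1
          - httpd_info.containers[0].State.Running
        fail_msg: my-first-container is not running
```

A second run of this play should report changed=0 for every task, which is a quick way to confirm the managed node has not drifted.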


via: https://fedoramagazine.org/using-ansible-to-configure-podman-containers/

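Author: mahesh1b  Topic selection: lujun9972  Translator: translator ID  Proofreader: proofreader ID

This article was originally compiled by LCTT and is proudly presented by Linux China.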